Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Old objects in AD

Posted on 2007-12-03
6
Medium Priority
?
248 Views
Last Modified: 2010-04-21
Hello,

I have some computer accounts in Active Directory that are probably no longer valid. I am looking for an easy way to scan and verify this so that they may be removed. It would be nice to find the last time they actually logged into the domain. Any ideas? Thanks!
0
Comment
Question by:jbyrd1981
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 4

Expert Comment

by:AGCIT
ID: 20400211
dsquery will do it. you have to have a critery though, like 90 days inactivity or such...

http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003/AdminTips/Admin/PruningOldComputerAccountsinAD.html

I recently wrote one for users
0
 
LVL 20

Accepted Solution

by:
Lazarus earned 2000 total points
ID: 20400216
Use OLDCMP: you can get it at http://joeware.net works well for your needs. It's command line though.
0
 
LVL 20

Expert Comment

by:Lazarus
ID: 20400222
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 4

Expert Comment

by:AGCIT
ID: 20400231
(Spelling) Criteria. Sorry,

Echo off
FOR /F "TOKENS=1* DELIMS= " %%A IN ('DATE/T') DO SET CDATE=%%B
FOR /F "TOKENS=1,2 eol=/ DELIMS=/ " %%A IN ('DATE/T') DO SET mm=%%B
FOR /F "TOKENS=1,2 DELIMS=/ eol=/" %%A IN ('echo %CDATE%') DO SET dd=%%B
FOR /F "TOKENS=2,3 DELIMS=/ " %%A IN ('echo %CDATE%') DO SET yyyy=%%B
SET date=%mm%%dd%%yyyy%
dsquery user -Inactive 12 ou=exited,ou=employeeexits,dc=domain,dc=com -limit 0 > "M:\path\%date%.Xls" | DSRM -noprompt

In this case it was for users, 12 weeks inactive, log it into an excel sheet, and the DSRM is the remove automatically
0
 
LVL 1

Expert Comment

by:chipbunker
ID: 20400346
Without reinventing the wheel, I was able to find a couple sites that might assist you in retrieving the information you need to find the old computer accounts in active directory.

http://www.visualbasicscript.com/m_24625/mpage_1/key_/tm.htm
http://www.petri.co.il/forums/showthread.php?t=8973
0
 
LVL 1

Author Closing Comment

by:jbyrd1981
ID: 31412494
Thanks! I believe that this is what I was looking for.
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question